[PATCH] busybox: fix TOCTOU race in various directory traversal

Sertonix sertonix at posteo.net
Sat Jan 31 14:06:21 UTC 2026 

Also results in a binary size shrink by sharing more code :)

Without this a process having write access to a directory could trick
a more privilidged rm -r call to delete any file that the rm process
has access to.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-recursive_action-prevent-file-type-confusion-when-fi.patch
Type: text/x-patch
Size: 7399 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20260131/9add4059/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-remove_file-switch-to-using-recursive_action.patch
Type: text/x-patch
Size: 9475 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20260131/9add4059/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-archival-tar-use-dirfd-of-recursive_action.patch
Type: text/x-patch
Size: 1239 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20260131/9add4059/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-chmod-use-dirfd-from-recursive_action.patch
Type: text/x-patch
Size: 1456 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20260131/9add4059/attachment-0010.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-chown-use-dirfd-from-recursive_action.patch
Type: text/x-patch
Size: 2182 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20260131/9add4059/attachment-0011.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-run_parts-use-dirfd-from-recursive_action.patch
Type: text/x-patch
Size: 1131 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20260131/9add4059/attachment-0012.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0007-recursive_action-remove-fileName-argument-from-fileA.patch
Type: text/x-patch
Size: 27998 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20260131/9add4059/attachment-0013.bin>

More information about the busybox mailing list